CVE-2007-2839
gfax < 0.4.2 - Arbitrary Command Execution via Insecure Temporary File Handling
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-2839. PoCs published by Steve Kemp.
AI-analyzed exploit summary: This exploit leverages a local privilege escalation vulnerability in GFAX by continuously writing a malicious cron job to /tmp/crontab, which executes arbitrary commands as root. The PoC attempts to copy /bin/sh to /tmp and set the SUID bit, granting root access.
Description
gfax 0.4.2, and probably other versions, creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.